Network container

Launch a container on the default network

Docker includes support for networking containers through the use of network drivers. By default, Docker provides two network drivers for you, the bridge(default) and the overlay drivers. You can also write a network driver plugin so that you can create your own drivers but that is an advanced task.

使用 docker network ls 查看当前网络

$ docker network ls

NETWORK ID          NAME                DRIVER
18a2866682b8        none                null
c288470c46f6        host                host
7b369448dccb        bridge              bridge

The network named bridge is a special network, 当不指定 --net 的时候,默认使用该网络.

$ docker run -itd --name=networktest ubuntu



使用命令 docker network inspect <network_name> 查看网络信息

$ docker network inspect bridge

Create your own bridge network

  • Docker Engine natively supports both bridge networks and overlay networks.
  • A bridge network is limited to a single host running Docker Engine.
  • An overlay network can include multiple hosts and is a more advanced topic.

创建一个 bridge 网络

# 创建一个网络
$ docker network create -d bridge my_bridge

The -d flag tells Docker to use the bridge driver for the new network. You could have left this flag off as bridge is the default value for this flag.


使用命令 docker network ls

$ docker network ls

NETWORK ID          NAME                DRIVER
7b369448dccb        bridge              bridge
615d565d498c        my_bridge           bridge
18a2866682b8        none                null
c288470c46f6        host                host


使用命令 docker network inspect <network_name>

# 查看网络信息
$ docker network inspect my_bridge
        "Name": "my_bridge",
        "Id": "bca088e559338498829496538f1e58b414cfe22be0737bf7b6d9c36bfd2954a5",
        "Created": "2017-09-08T17:18:10.67709847+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                    "Subnet": "",
                    "Gateway": ""
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        "ConfigOnly": false,
        "Containers": {
            "c1f13c8b73e75a3e424bb55bc98158348090a8121404541c371f3201a28ab113": {
                "Name": "alpine_test",
                "EndpointID": "61eb93407ef612356ca566d5b2e7ce2f246890e8551781e35f5246f88f7cb51b",
                "MacAddress": "02:42:ac:14:00:02",
                "IPv4Address": "",
                "IPv6Address": ""
        "Options": {},
        "Labels": {}

Add containers to a network

Networks, by definition, provide complete isolation(完全隔离) for containers.

创建容器时,使用 --net=<network_name> flag 为容器指定网络

# 将一个容器加入网络
$ docker run --rm -itd --net=my_bridge --name alpine_test alpine



使用命令 docker inspect --format='{{json .NetworkSettings.Networks}}' <container_name>

# 通过容器查看网络信息
$ docker inspect --format='{{json .NetworkSettings.Networks}}' alpine_test


You can remove a container from a network by disconnecting the container. To do this, you supply both the network name and the container name. You can also use the container ID. In this example, though, the name is faster.

将一个 container 从给一个网络中移除时,使用命令 docker network disconnect <network_name> <container_name/container_id>

# 将容器移除网络
$ docker network disconnect my_bridge alpine_test

# 重新通过容器查看网络信息
$ docker inspect --format='{{json .NetworkSettings.Networks}}' alpine_test

# 查看容器状态
# 容器虽然脱离网络,但是依然存活
$ docker container ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS               NAMES
c1f13c8b73e7        alpine              "/bin/sh"                5 minutes ago       Up 5 minutes                                       alpine_test



  • 容器 db 使用 my_bridge 网络
  • 容器 web 使用默认的 bridge 网络

# 创建容器
$ docker run -d --net=my_bridge --name db training/postgres
$ docker run -itd --name web ubuntu

进入容器 db,尝试 ping 容器 web。 以失败而告终

# 查看IP地址
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web

$ docker exec -it db bash
root@53365bd018e5:/# ping
PING ( 56(84) bytes of data.
--- ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms


使用命令 docker network connect <network_name> <container_name>

$ docker network connect my_bridge web

$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web

重新 ping web 的新地址

$ docker exec -it db bash
root@53365bd018e5:/# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.129 ms
64 bytes from icmp_seq=2 ttl=64 time=0.087 ms
64 bytes from icmp_seq=3 ttl=64 time=0.076 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.076/0.097/0.129/0.024 ms


使用命令 docker network rm <network_name>

$ docker network rm my_bridge

$ docker network ls
NETWORK ID          NAME                           DRIVER              SCOPE
b2807e40afc6        bridge                         bridge              local
1f069296a405        docker_gwbridge                bridge              local
dfea931891b4        dockerregistrymirror_default   bridge              local
3c2b536039ac        host                           host                local
ffa7c88de9e4        none                           null                local

results matching ""

    No results matching ""